This Metasploit module exploits a stack buffer overflow in CyberLink LabelPrint 2.5 and below. The vulnerability is triggered when opening a .lpp project file containing an overly long string via the open file menu. This results in overwriting a structured exception handler record and taking over the application. This Metasploit module has been tested on Windows 7 (64 bit), Windows 8.1 (64 bit), and Windows 10 (64 bit).
5b93e4f728713e374facd865bf3645e22f45dbb6fc5e1b5e6aac4c62197b922c
This Metasploit module exploits a stack buffer overflow in Zahir Enterprise Plus version 6 build 10b and below. The vulnerability is triggered when opening a CSV file containing CR/LF and overly long string characters via Import from other File. This results in overwriting a structured exception handler record.
c51c1d1c21392204bf387a607e386388a6773f8a710db6706b904d643e98b8f9
Zahir Enterprise Plus 6 build 10b suffers from a buffer overflow vulnerability.
6cd7f06f5f8babde60b5020ba2bff8010c6891ee9e61e0a2cdee4f0f7f78d0b1
Centreon versions 2.3.3 through 2.3.9-4 menuXML.php remote blind SQL injection exploit.
d04b644c764a41f28eca2c71a041e69645a678273c302fafa28bfe8fac2f9c4a
Trend Micro Control Manager versions 5.5 and 6.0 suffer from an AdHocQuery remote blind SQL injection vulnerability.
ce96999e810814c024c38533c2b23e3e57c9c4a4b441314fa7e4c4133f539757
webERP versions 4.08.4 and below suffer from a remote SQL injection vulnerability in WorkOrderEntry.php.
6a3662b7c29717d2a88024524394dbdf12cf57e1da607c8a6457fcc3b5244904
Trend Micro InterScan Messaging Security Suite suffers from stored cross site scripting and cross site request forgery vulnerabilities.
d86efa1d88ecdbb7560b3e29adb1a12d5b6a2953d61809ccae4d56fd757440dc
This Metasploit module exploits a stack buffer overflow in ALLMediaServer 0.8. The vulnerability is caused by a boundary error within the handling of HTTP requests. While the exploit supports DEP bypass via ROP, on Windows 7 the stack pivoting isn't reliable across virtual (VMware, VirtualBox) and physical environments. Because of this, the module isn't using DEP bypass on the Windows 7 SP1 target, where by default DEP is OptIn and AllMediaServer won't run with DEP.
cd224eb091bd83cac2f6867238fdeea0e253250295ed9b0257c0173e71de0311
This Metasploit module exploits a stack buffer overflow in the EZHomeTech EZServer. If a malicious user sends packets containing an overly long string, it may be possible to execute a payload remotely. Due to size constraints, this module uses the Egghunter technique.
2bc92ff43f6bcca9c19f782162fc5db7f333fc90bad8a57b6c286fccae52a802
Ezhometech Ezserver versions 6.4 and below stack buffer overflow exploit that binds a shell to port 4444.
0a3c7b30433e99d4e5b31ad439b1616f357b9a2b87934bff537c85f76e8698e9
Hexamail Server versions 4.4.5 and below suffer from a persistent cross site scripting vulnerability.
160e361b2554abab89535e34bcabe535be38225dbc0d072c307a624af2a5e429
This Metasploit module exploits a vulnerability found in QuickShare File Share's FTP service. By supplying "../" in the file path, it is possible to trigger a directory traversal flaw, allowing the attacker to read a file outside the virtual directory. By default, the "Writable" option is enabled during account creation, which makes it possible to create a file at an arbitrary location, leading to remote code execution.
6ec3545a1080c917dedf3c676152c00eb53f82eef025b7df8d5bd1ad6fb56805
This Metasploit module exploits a vulnerability found in Distinct TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary files to the file system, which results in code execution under the context of 'SYSTEM'.
f9ed713ff3be483dd14a09fbef83afaa998846ace3aab19c3588c2a752aaa832
This Metasploit module exploits a stack buffer overflow in CyberLink Power2Go version 8.x. The vulnerability is triggered when opening a malformed p2g file containing an overly long string in the 'name' attribute of the file element. This results in overwriting a structured exception handler record.
130e60095a57a3b069f09bfa02ddc5fe4743b86427ffcaf33f1f4cc77609b845
Multiple CyberLink products suffer from a file project handling stack buffer overflow vulnerability.
47ae6efc123ab0a2d65e2470e0618b50d536f33edb978f5e8d4680db0541507b
This Metasploit module exploits a vulnerability found in Aviosoft Digital TV Player Pro version 1.x. An overflow occurs when the process copies the content of a playlist file onto the stack, which may result in arbitrary code execution under the context of the user.
40796a9ff8ef6ef45d0fa1a9d3f0de273180cbc7d8cbb49f00ac35473f6640a3
Aviosoft Digital TV Player Professional version 1.x stack buffer overflow exploit that spawns calc.exe.
dcacb9fec63a2e9898a6a4280beea67758dc693f42d4b3d3c4f4a587825aa14b
BlazeVideo HDTV Player version 6.6 Professional universal DEP and ASLR bypass buffer overflow exploit.
cd503a7eb1398e42493c9c50930545257e289549f4b450834e2fd5e2a62499ff
ScriptFTP versions 3.3 and below suffer from a buffer overflow vulnerability.
4c3d7bd282a71bbc0d04ab728ecd6d649b96ed1e7f9337d132ef2569f82dde80
QuickShare File Share version 1.2.1 suffers from a directory traversal vulnerability.
d7ed75e1d802259579a6e45360cb55024fc8640a7eee5794fb64b8a33fd89152
FTPGetter version 3.58.0.21 buffer overflow PASV exploit.
0fd21df550d9c2c1d42fdcf6b62b41c882ba373c78788b0e3f9bf34885f83d93
BS.Player version 2.56 (Build 1043) denial of service exploit that can create malicious .m3u and .pls files.
f5354b4c39398d0c5cbe4e3d643f4a08d1282f57e0101e5b6905431e527a5cb0
MediaHuman Music Converter version 1.0.1 suffers from .wav and .mp3 denial of service vulnerabilities.
49de5f7d7f2ab9b63ac7c0a0f944ab60335f419fbb054e0cf33fa66a6a0e606d
A-PDF All to MP3 Converter version 1.1.0 universal SEH overwrite exploit.
3f2a1e14578e7f0b16bdaf7c345ff3f4e5b23a857542542f9875c0de6d4f9e47
Batch Audio Converter Lite Edition versions 1.0.0.0 and below stack buffer overflow exploit.
55f9de422b17a2e4ab8c50f079c1e3564b943b40addd11d3087fc08d2de92e3d